hxxp://discord[.]com

Resubmissions

05-09-2024 12:11

240905-pcpkbazgpn 6

05-09-2024 11:52

240905-n1xp6a1bmh 6

05-09-2024 11:33

240905-nn4b6szhpc 6

Analysis

max time kernel
1025s
max time network
1042s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	discord.com
11	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{A0E66EBC-4A59-47F1-966D-6D1BF81B7255}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
588	msedge.exe
588	msedge.exe
1136	msedge.exe
1136	msedge.exe
3424	msedge.exe
3424	msedge.exe
1840	identity_helper.exe
1840	identity_helper.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 4244	1136	msedge.exe	83
PID 1136 wrote to memory of 4244	1136	msedge.exe	83
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 440	1136	msedge.exe	84
PID 1136 wrote to memory of 588	1136	msedge.exe	85
PID 1136 wrote to memory of 588	1136	msedge.exe	85
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86
PID 1136 wrote to memory of 4896	1136	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff540d46f8,0x7fff540d4708,0x7fff540d4718
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3880 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1388 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,332465531565254246,292321940231565655,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9

Filesize
17KB

MD5
dd920c06a01e5bb8b09678581e29d56f

SHA1
aaa4a71151f55534d815bebc937ff64915ad9974

SHA256
31ad0482eee7770597b8aa723a80fd041ade0b076679b12293664f1f1777211b

SHA512
859fd3497e508c69d8298c8d365b97ab5d5da21cd2f471e69d4deb306ecf1f0c86347b2c2cfb4fd9fcd6db5b63f3da12d32043150c08ef7197a997379193dcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc

Filesize
862KB

MD5
5c5040c350ee659b656361be2ef7db95

SHA1
de134ff38565505639a6505678b5c045dcb00785

SHA256
c9b433f26a63bc6bba578a724a230d622777cdae578009c46c3dce27e1d4323a

SHA512
9348416965f5db7c9b3bd6fbe1fbc157d6cd64678589aa35658d69ee9330a96a331703ed5f8c3e9c90153f2ebd4795e29642ce240a7c1a13136de7b670335340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2b3b806f5166cc077147d3350fe6a984

SHA1
f14b80d7ef5c469600d552f9fc1f6983a3294884

SHA256
9deb457a250283eecde20d2f4f1c45ca0d3b7c801ea604d4515bef636703ae98

SHA512
775c874d90365089be41286e922d45ae467b95a9efaeaf92c125bf1802bdaef2c0078535d04b403e479b797664958c98eb7448f09be2ceaca4d423402520cc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5114ef959ed81173a9fa1e9f8dc1fa70

SHA1
bb27a3f3dd5f9d1957b768f4c94684b8fdee73f9

SHA256
2b07dd89fbd3be1820b4de56450d88e1b84c0258560861564e157f27c4aa0e8f

SHA512
5197643a99f4dab7845004e2933c4fc0f5089950d47cb1c986923386788e612d271fe2e1019255c1a517b96a16c21a15451345c90b58297f8f38df5ccec300e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5a6babd99152fd7ce4c92e9fb14199af

SHA1
83ff2e9f97b9552a958f91cd973a7bf2a1e7df69

SHA256
83b00bd9618f98b5662c8d4dcf61d688437a643ba967d548dd61347d894509eb

SHA512
95ba052689ee5d86f8c1118de407a2bf37bb15742f025ce61f56c5edfcb90ea149d5074d4acc1539f56ca35648a4645f63aac5f8cdf5ed58942b0b2b5e1c4fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
627cb2309cb59b132ac327eb46ec6821

SHA1
9befff74d6db81ab8589fc01affcbd4fcfcc5575

SHA256
3fd090485622c924c0af23a4abd03d2a05a0cf5fe536074c7dafbc62c62e145f

SHA512
22a6e9b196cf11a101e13980188dce90c176b94124d0905f59a7e938a367fdabaa2ac170ac7de5a029456615058ee1792d1f5cb46ba71869d570b1ed3a789595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7c8976c5bc0c769f1088d9f6df8b98d8

SHA1
c508b217d1007f0213add4fd477946810f122f3f

SHA256
47304d08844bfaafbecf7fbde6506a1416633f61d932ea162afda665ee0d2e35

SHA512
a09ea37dbf3215ce2db5fc20680b6403ebb7d69b887f3c4bc66ec91071fa7fb50ce70c9cf525d401fef16ff965aaf7671218cc871c49128ea1750895904ebc70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2258acec0ab62fcdea297b325b01ada9

SHA1
711878287a2cae412a054396b913328116a69719

SHA256
fc44b2ae6df6ba649104f5b6b9f499913a93f5424ad6fa0f5f09f9b3d911f6c8

SHA512
8b5cf526adb0c654609f7097e3fb057c7dfff606ca39f1d94fd277abdfbbaf9298852e205d6ee45e0b9dd970f4b6a09629e4b989a94810f6191caaa1f0278dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
923d94517b0dec1013fc1f0114247432

SHA1
9c119848f8bcd73771d8719ffe40e400d2985ec1

SHA256
ad64734cb0d6d75c429301136a6317981a73a915e2c7d0f7a9515e91f80d5614

SHA512
5a9471f5a95adb72c19540a851abe36332ac8f1ce385669c443fa3f408afe9dc79dffba5b6639cc1882dd3f891d31139bc1eea4065dde2b4cecdc6fc771d14d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7addb9e343c9be3781f215210a32d1a5

SHA1
272b98880c5f0e2f2a489620f2ed6d27b4f7663f

SHA256
3af3abb861365a5586a7bd275a48fbaab2d0e7c5c76506f54755c809c38264c2

SHA512
a7248d7d7a80679585aa737840dabec4983e34a0dea4f1396c0b17119297e80c064d42c9cd689e207e392364428c7d32357ec58aae969cea714c161bf704623d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
702b61a6dbcd0b4500b7a032996fba97

SHA1
9a197a38ef9c086c789c4fdd8362133920a68399

SHA256
5f7d2cb1b9c4bbed246c8850cc1d18a9f1624971e731969bdabd429f5c86a167

SHA512
d2875ec8d07e0990bacf569552933b17fa8a63fecaf95c1fb2a41f2bc28986a836c44a9264395a98d7fbedd028658708eab62589b0629732f08c89d394bc723b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7285ad1ca5f2dc360577e9a136868767

SHA1
ccf02645389716c05c5d86afc20628fde1aaf2ec

SHA256
11fdfa7edd10d09e49f46f1b9da86146af2f73b0f00d4cd5f32cd5c4b9782fe2

SHA512
0fe9f14a9b966acd658da07de43ecbed3acddef07ccaa8953ddc4368c719be7e4b450ba1f18a143e63c965abb9aad390c615260a6e9a0775a1a4ac4085184c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5f18f25a8b0dc317c5789c6c33f95e76

SHA1
970d2beb12cdb5eae62b0b135ebe7f19bc6edd6d

SHA256
9eed10809f5f2a03d8d54b6bb86acc8589a42db4a600384339abe376002d4f7e

SHA512
af2f84d3314cf642a39a5fb674821baf145512121a9421605faccd7417fada0f8c66ae1e9c727ea0f02ebd36e1a3c428c512c90c318bbf56511cab201548b610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
47f40166a1257e3aee019da595ea1bf5

SHA1
6da067c31044bcb979a13b9863c7450ceac1f210

SHA256
f484841a8fa3acc9e32d9dc9153bbc5a94b8b66814cb2c7f9920d797bb9d3fbe

SHA512
34f6b3a437156676c2cf1ee61a9614d5f261bad87b6ea6ca6add14b12383eda449886efd631fa047b187372cea93c3ad104a95041bc9c6c14cdfed2b237e2fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0f5f9c86b1500bf222dfcf9750f1e57

SHA1
1f5a6183906d0615f4872e3ba5dea5ead7f4728e

SHA256
fc6e2dbba1f048a17ff3382cb80b09b23b877451a862185a4ef4c4ce7ab434c1

SHA512
b75a08f5ad2d19d096e36da2bce4a5ac3e5603583ba968acb1da90bf81abb766e8549d017d73561c55750826353cfb0785b762e04eab828f88b37676433cef5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9cb4f1f368293b026bbbf566012a8c0e

SHA1
8d9b96a9cf9328bdfcfa91f02c3242d702277214

SHA256
5f2e3cd84f0e946a938ca6b81c2746f7f7733dac2f9cc9f771b256c812313b3e

SHA512
c3d441ca3a91a336cad13933f099b2751af690a0f4c26b97a63f4227964066e5c2675fb4479cd521bea5200a51814fd2120f89637846267b8a80e93965642fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7509ec2fb60fe93e56c469aa5798db52

SHA1
70eea2186a20e79bd2a95d733236af331664c3d6

SHA256
6b6503e17f87ba30c3c7ee25f6d8afe9e0166b5242cf48c5a6290f1c71bec942

SHA512
ff3d2110cebca4bc1ab0d8f9f6360004c032a5ec4043eb9d9c0450786f73e4c39acc2256162eaa633f311b002ed95926eff2f0e8db4021c37663091b4ae2d8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b2fed88d7f29f1dde43f6fef2aed8e8

SHA1
e9dd8b18ba3557139ce966c68df71624eb43685b

SHA256
fb070919b12bb69ab62f0dbb7224a5d37a6397d8262a521165eac846a90e3563

SHA512
56d824ee36109327531a6a24692eb315e92458847b6152f944c3bc6e1b377ade6c9d73f0d338ca3c96cd2ffbf0e2d5dd452b7908b376dc7b27557c65982d03ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95cc39f7f66f902291468d828d59a4e0

SHA1
7fc86162478b5cdd2e9b7ae79aeb4a131ad04f6b

SHA256
29c50e02b501957e88f46eb906587b2087138f18867b7e64dc9ef6335fa11c86

SHA512
40f645ac95e3d0a47daf719c4da83bbc8db08759035f6d84f8b2720d008af8ee9f4d04a32b9604584445d134acf81d331db242385abb80c6ff457c4124888713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c981523efd994e930374163e0f558de

SHA1
cec4de5953e664a6ac45d6a447016ecaf3fe7906

SHA256
16db8c819c3949776c82d2b40f2270db207eac5785fe2562557939f14adb72ac

SHA512
326d30b70a11b36aaa3414613e0a1afcdda979084129e068de6ea7f4a4d7a1839e21ab3ce1c82c1f7e201c655f736c46f11ff42ad4717e3ed10c86af6b567203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
743811a69a60a21345b2db435d124afd

SHA1
46044f60a548fa3902b865a6cb2889b357217c41

SHA256
344bea3a429f26a1a868c3efa89c772f8ce067258be7700a4ee1c374ef2bfa05

SHA512
b458753fa2d0d6bf6d47ef7c6b02435197100d9a6eddbbf8dfe840062984ebe23f0a6dd05be3560c12e02876898395163322ba30fb43059f39880327dee6f759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
24fac54e9d653b149351c549d86d1275

SHA1
ed51f7c2e87923171e7488a3e55b3f6de9faa2a2

SHA256
2fd95b8bcdd18296b3092533c1221e111348d04c7640d7ee9f086935013c6c80

SHA512
f7850f076fbeb29cd2ece387ee276b3248d6501c16972ed44296b4df27e0cdaf770a3977d83cd9a68b07dc5c179cb247c20dee11b20e9ed53fc8f06784d537d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
efe25424b73ce7a2092e36ef71ca67da

SHA1
243624f6cad8e1478278a311038978551eb1359f

SHA256
d07022603657b6f359befff142ffaf9539653767d738da75c26a889b305d0879

SHA512
db417fe636e4db959c6fc99aee318fedf8ddbc6181ba619c3f4f1f52cc59edec3280bd9fbe263ec63e64b5fb01d4ab126d4b4c6418750bf751d73928dfed1e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d3df14bf2e83bed181be37d622eac510

SHA1
d98fa6a9b0703a0e5b04ed3ffa8518efc76d4ca2

SHA256
4eb1c7442f046bad25bd3206ec14f7673eeb08072c4bed6f80cd7ba80ea8906d

SHA512
c10fd706dd35236dbd28927d99c354eaa9aa5d639427b5b7ce2eec423afffc11e55394dad2565df21485077086cfc28f20f02f67ef513365bfc53a6340cbcccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
146b6e8400d94cbebcd21e76a0d82dc7

SHA1
4b6e6311bf4142c692d298450034149e3d88c84c

SHA256
5ce5aff00456da4a8d42600a8dde554b6575b362d9e142948708beaea6578454

SHA512
03b1b8575b96724a7df16b9203d3699a3f3f38cceae9d4b8fe06aa41d84af446e26b031e69ee7cf340be5ca1bb1ecd1c2ef3d81a07483ac9b76eee0d06042c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4ab14ae1ff0c8c6825e80fe59ba1dc76

SHA1
47fd8608e75b8f101cca05d11f22f340c1383cc2

SHA256
1513eaa8f083eb6f631b9ca953136ab936e469ebd16dbf26e0f6dda008f5c9fe

SHA512
7ac506dd72888951a84ce963a75621e1f34c86a0ee229eb93549dd946e0c24d447f8b1263f202a17db8fe7e8d6ba297c5f6b488697ef11aaa67b3d936f0d92aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2ea1ef90281f44ec39c25944c4e84b3b

SHA1
e68a91924ab2af3a413f833dc6094c0357774914

SHA256
f6f5ad58cf275222e1416bc413f2388985d42fc93632470992bbe81b2b9c6edd

SHA512
603ce17d30c6d5dd9152076e023baae710f9cfd11a99199d1fd72f2c2a776a199046a78817b81ecb5b79a4ab964f8075cc7f87b695a602d4f3e2f3f92a649c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
85c01bfab59d02a4c79675481a2a48b8

SHA1
dcd202c3e64c890842ae57141c26f10fc7e6e1ff

SHA256
0108058b204eb721c4dbd0aeb23dc6acedac53666853d69facf4308fed88f31b

SHA512
afca852a18f116af27ad496d2799630aeb16be9fcf33fb2e40267199b5b443eba61db423bd8fa1be24fcc125e527bd2d2d874a61e2aadbbdf6792123ee967d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
31c120fc7eaaf4baaa6ded52d7cfd79d

SHA1
1a7bf5961d59391fda57c6ffb548fe6e60412069

SHA256
97643bd58dbc7bfbc93c74bc340b75c66e61dbdcbd392846461592634ab497e0

SHA512
e04b8675d4915fbf1241861957d817ca1ff296753eac08ecf936d48531066334adbe0e7e84fbf484206bdd2e30975cf31bb2ac50b61d4f00b134410a1e57213c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
182ccfad5d2a644835af6b58b904c8d2

SHA1
f9391a49d5f978abf9249f42cc46b91e2ad9d69c

SHA256
c97b4b9b9adf67d0c8a1151535d2c6d26114dba824fe726418936e53bdd8e2b8

SHA512
1c5c79ef065e8ba01b78136e24725c65b68866b0f099708a5528033fd8c6858f98057a58c397f9f134adcbd9686a3ece373314eb47a2f50a30bc53aefca2f23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bc732dae62cceeadbae6c903d613e9e

SHA1
62d4d8a12b00a89b40d662b72ce819a858e41273

SHA256
ea2b98510b3e50573cca6a1a9469ea7bcf23e5221f47492d6ed0e4171863641b

SHA512
7074ac42b7403f2d8d3bd860f0dce019786938539bc910ba548c8bb2a8971062e586deab7042d2fe881c2439d3e146ab3afdc4221e3b3731f4bb4681adccf674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
910b3faa72d42ca67c291ffadc4f5541

SHA1
da83747690e6fe44f2789a8e35bda2a206c726d3

SHA256
d4bd143890d51e039ca40be096ea5681cce0591dec9b28d96ebcc6f3cf518aa8

SHA512
4731e792eb7571e299131f948889aed7c23b6a352c0ec9e32c636732b98bdaadccd124b8d43374db78129bb444f550122883f096a80f7e287d39f799eed3deba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b3b26f12787a46c43d8b11f15d0af1e5

SHA1
728942dfc5cebb368533dbba0665f97adfb984e8

SHA256
5b076ffe60832d94130ad17df158db7cf099fc34bc7cf66bbb15033102178368

SHA512
0d4bbdc7a8a35480b72235fe1ab5256c768cc79bbd430a89eac5a4559aa05d405e8125d40cea9bb70f784d6ab4d5ddb296e2f1f503cebda028024d7f1c4f4ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e047fb3a248779ea275d0b6a09156a7d

SHA1
69b3bbb4bf9dba969ffc38cc9958b3130e93fd89

SHA256
262114d2a9368edec67ce9bfbdb3a0000a9cfb20a8525cfe1bb49d4fbc6e18f0

SHA512
d64a83467f369adf118fed835632e8deff4603b109fe75b7a7232967ea4b50f0c0a1fecaabababd079d983d2a6d405faf899ca12348e2063816402086e7ff032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
74479b08ecbcee89e2b62436a6a95f51

SHA1
1c8a6e997f290ad4fbd47ed66793cc79ac42950a

SHA256
3a4758b0b471387150130b8b6dbab3f1037dbd6bbaae448ca9d3db59d1bd941f

SHA512
13f21d0255b34407abc582ff96bfabd18e85330f96b2223351f8f9efde5a78063a138850cf1e3fa7229f9e4cd1269ae5e59208ba527b96243a07a1c0b6c9f424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
296ab0b4e2b2c530238add0bfa7fcff1

SHA1
d0aa253a46c555bfa0bd5974e4062d31580ae301

SHA256
86c2dc9e00bc49c6c5a74180337bf2e00ff551e307992e61ae16b8be3d04a948

SHA512
ba29a42dac7917cc5ab7c2f707d9e0b89bb87e2cf002b64f6ce98d37aebf7d18d678c421a9f3465d39ae5e5442e6c6a5d2dec2a1a1b0aac85961a7813c0b0eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02aec889d16ad07c8f8c363641938bc5

SHA1
9eb85c68608fa38f6d72e5ad069c3ce378927367

SHA256
12f93e02f7f240b49c8d79b2123334b35e6dd15bc42193d2acf255da21a570e7

SHA512
48cd3a3e8dee4a3a05648e5b6136c2ac2fef18b2684c5c1e6b67914e90a88e6259f00369baacca1e69de2beb8e1d78c52f9c25a3cfe20946ba53373958f5a64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bf5e63a74954391f57a67125bd50fe6e

SHA1
ccceb371ebf9c8ad882f38392a8d76cd9dfc1f07

SHA256
0cc40145ce58df89368cb60425296720e1818a985d8e9fb7de26a12c70df3616

SHA512
b278143b38767ca416c057c136e7c976cad3442d49886e1e9ae45502f5cc09f957d2707807d47a49b58b3ee4166923656c8c278ca604d21e34b6da9bf3fb3e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
62330ba7a4e51000f6b97e02c6ca0d6e

SHA1
a22006e021bef466b9985a37960d1067e62483fe

SHA256
2ee3a3ea95893a9714211bd3cb4c04a8a7e9f8929f7e9c248512e7ffc14482a2

SHA512
4644a0980cbb2aae9acd397fe9c2d38320f3c9a361a13bec14be0711f9c0f593736220824a9589622872118a30efb65b1af2ec82826ef58b899649838525f0bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4d6effd897b7ed4ac0ad86f37d212aa

SHA1
03a54af9c72203a92b779aee822f29edce236d8d

SHA256
719a8611f516ebec8dae9d4a3200d76e39198c02afd0b57deb90b556c73c78cf

SHA512
b5734c51105e70f3e15dd06bd035a295f8b5f334c8f895a740a593da00c3da4e97d61c355c3f4475ba2a4a3f33ece119b583d9d383cc5553ee649182d4527ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
910eb5b361d1448221bb6fc872d0388e

SHA1
98640fa78b9b1153dad81e2c3a7a9979c7bc5a0f

SHA256
351a51a1930cff3364775ccb4ad2cb2ad397797132faa8f15f1f038d85782c3f

SHA512
bf7ee638a9122ad6eecdd9a5e47b001586231dd4a50a1f9f0bbb69d94637f30b94d9e9cff303d9e39652641550558fc0bc71750a89b6686423d2308bc6490dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
324f8b0ef56609a5b26c22887717591b

SHA1
bb2ff3511a66201c229238f684aaef3d282f366c

SHA256
2a7057b4c79a7f487940969dd6fe2a53ab4bae240ddf862257d5c3cf154a11df

SHA512
b58c4834d924ed9c4592b3ed22bf7c2b855e4d0ba2ab79c9744d043497a5a4a45031a82f32aeb1d3899bcac4b45d3ec3108f703fc07a09d0439e23c40de60014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a40daeae8a2b01b6f871653a63087cdd

SHA1
d94cb51988c64ff16a5a21428b672a61626aec0f

SHA256
a625cce86ff6a6d78d0aedcc3b78dcd3be99d2b920908f8e2108015242e861b1

SHA512
230af6f177304ed8e4d543b988c206a833e501de8e08b38303add1c099d8f7f91ca478e475dc8a1e3a6a7538a240588cf34729e77c4b66b537a55108a80a5ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b080083b536fcfc20a4abbcbd88bc1b4

SHA1
bebab5dda2c5019518c919da35c96156777b19a8

SHA256
37a4933273d9863bdabf03d1ae6c8b548dff94f09939984ca80d3b93f7f452c3

SHA512
b4e6b16018dd88ac81d8b14dc2f709e5a272da7ddee9c3a5411022bcf32f7f553e34d0492f8a5afd8e677b5ee1a312c9f994227ef2d80534b2e8f34b39521742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
498f884b0c5abe5a01c87e03c1e58deb

SHA1
de5fac39c78cbc5c146c3299ba8d7473b2515f91

SHA256
d7d05a3603eb1e0379a2d4d9204472421581f6c7c8889344226b223faa083f32

SHA512
821e8e792a45a5c00e4d6e389e3bf6c3be5b08dd7e46a514e253ccc377491ae61d96ec33ef1470a09a063d9e346458c07cfc41e4f0b532bec886b6f8be552d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3abf23aa1171bb0c6faebf12c1ad72e1

SHA1
6df9051f8f19251556c76ce0a26da5957f8e1c5c

SHA256
10badc5cba65e362bd842ba5314273293a8753b38449b83c46b566cddaa1f836

SHA512
40ba94c327a3e260e842f3298fa6e471710d47e0df5b044020bdd090e18a312be49b4281d8fed9ab3a8f8451dd3f2d6c0c1f32d0d3ace8cdb59e151b0f2c1f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ad8cdcc965a03cf84593b590654d84eb

SHA1
766e865eb30db6c7d6e1554516f456a4574aa47e

SHA256
f00f1653a1924ce154f2d7b51b6d45f30b439f18c72f97fce667722326c1ee76

SHA512
3a92b930018bd7241053bf48bc8637320ebec2a5103b3e627ab2e30bbead81ef619c54f11d94396991bf6949f1bcc13914295cf2a5857b47929abef734bc62d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d3556e8e71ae6dd9ad2fa718cdc01a0e

SHA1
9199a0c80eb18b3ee47880d30c8a4b2641bbd3c0

SHA256
f678c993cd08c2311c5a35404de10acd185265e86028384b35dcfc7a288f5c25

SHA512
a5c307ebd2554306322d36e3b8d0dafbaeb795ebb687affd816546936e37c365c692afe1703b4db4d3bd67b7b7dc3c77505a3bc288117d39dfbde9cbfeb3e5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e41ab34e826733cad659afc6cb8145b1

SHA1
0b6f4b8b120e2811322278013175995f15f30b97

SHA256
7e60fe7934622420478461b10cca343ab11d1f3839971bee9649f585617c4700

SHA512
0037a2a02b842010231b8ea1a925e9cf4ab96b5754f86f805c59a012f6eea32bd2861c4979f9a02e79d4c238db4c51705f13c249f13c02b91ef8490979902a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b8d249f23033ba06d1768ddc0ff17f64

SHA1
3bda5ffee66002cbb2bfac25d134dbff9c4d5198

SHA256
c53c04567e4bd53ee0244098f77ce7febf860f7f1e83c664fe8fd644440b9377

SHA512
f3de6abf0aa05ee61a36d888bb20bacc3d6b4f4c1a1c02b3aa3d6a3edc9ad5bda28b31d1050bb696dab7fabfb30ac2b55f370161c69b3985b47fa32cd686d2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
56966f4f3bf4284eea17851963988c18

SHA1
f329993ffe70fe3a5085f0cb28242776e306d219

SHA256
8588933dbe59a7bcbcd67d7d16b657fd761e3ef865956e64f4bf0a83f825a81c

SHA512
23e7cafa9a5954b6d3789759bc44346b2318e536f3ee791e0ccac95193c8ac9037b4407fca3ad26f171ee8da2d081671b4c75e83fcd9abb772ee6d35f6e28e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2c38b7770be0635c87cf99d9d7344c85

SHA1
fe6f663cc45f2adf2379f4df4446dc896692df98

SHA256
eb6faeb4791bef8b05cf9600fda1701732b3afb31ff70e94a903dfc21a884165

SHA512
c1dddba20e006fefc8d320cbc5e0c6001e2502e17a87e042c3bb97c19bb7a79283b88629f4647e8d251877c9c0020e960b101869c587c68de9be03d5ab6bd319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1d21f948b2f5789df5f036ed561d8557

SHA1
25cd9ccbaa8e7fce380286a5d6017bcbb22fcdee

SHA256
4ad3d666354d6de832a6563b8385a860d8a332ae7e259706998f2f7708ce3a56

SHA512
944a596f80e4943db520238c631d6e283a967cd823b3267ae84f493666a10c970ffd056d6f731f38a854bb0ca5659313784a2c9836c97a2389cb40df80112ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
265ca35c04aa248e83d2b59cf6795b6c

SHA1
c0db4f9e47d866371b68c16a67ef84bf12f86ebe

SHA256
50c5aac4a3190e0b3dd94e9c9ca76e9190e59e9f2a888e55f646e2d22abd8a34

SHA512
2e12f416599e0124f0efe08b7e93888065cddbabd257f82dca8c0630d5fc1c234721f9d82891069bfb55f2daa2edc008d70bd203ffaa83375ea735d0e8f23179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee29.TMP

Filesize
1KB

MD5
a32bc9f4ef4febc79192e3d15ca6542a

SHA1
c9d9cf30dbb315203f05a9e86237131a0ed75ac2

SHA256
a3f423c5ccd3f444d524df6fdb58a0f27d2a4bac314fbaf6450c416d7bab8505

SHA512
4e8ee9014ee339880d3694b468d594344e90757eb5ce65aebcbb5afb11d70288be832a131b0e4063fd60a803a050f27a3103f897e022811c16722ef1a8634b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00002b

Filesize
17KB

MD5
a2a8d4620524be9eca7f61eac3fb3c52

SHA1
68caf758966594d7c2de8ae9430a6b21d76eb82a

SHA256
39f3ff198c8f282157f3c4fa3e41ac5fca9954a9780c2b4cbac94e69aafbad3a

SHA512
682efab9a1c9709d6d66bd86c73624160108df4eb9cad89fac62e2371ce3078cf4f7303c9b2dbf37705f4e0ed5fca1cf2a8be8fb504d685ad2b10dc7d9dad59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
774c71bfdbae1181c307dd543cb97fd2

SHA1
9dd7060da273f7c873c527bf1971becf2fc5f090

SHA256
debc6ff27cd35c4562a2064662832aba060ddc2738e520f31841eb23df85aef9

SHA512
85ff0deba71d472979ec37f1897b264e127bc36e7d98bb7430325d54069345a13463289c49edcb2f611b5268c44a206b4452b664a87b232fea25afd054afb8e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit